CWE:
 

Title
Date
Author
Med.
Hikvision Remote Code Execution / XSS / SQL Injection
02.02.2023
Thurein Soe
Med.
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization
02.02.2023
Marco Wotschka
Low
PHPJabbers Business Directory Script 3.2 Cross Site Scripting
01.02.2023
CraCkEr
Low
Zstore 6.6.0 Cross Site Scripting
01.02.2023
nu11secur1ty
Low
PHPJabbers Travel Tours Script 1.0 Cross Site Scripting
30.01.2023
CraCkEr
Low
PHPJabbers Property Listing Script 3.1 Cross Site Scripting
30.01.2023
CraCkEr
Low
Inout Jobs Portal 2.2.2 Cross Site Scripting
28.01.2023
CraCkEr
High
Secure Web Gateway 10.2.11 Cross Site Scripting
28.01.2023
RedTeam
Low
AmazCart Laravel Ecommerce System CMS 3.4 Cross Site Scripting
24.01.2023
Sajibe Kanti
Low
Inout Search Engine 10.1.3 Cross Site Scripting
24.01.2023
CraCkEr
Low
Active eCommerce CMS 6.5.0 Cross Site Scripting
23.01.2023
Sajibe Kanti
Low
SLIMS 9.5.2 Cross Site Scripting
21.01.2023
nu11secur1ty
Low
Inout Multi-Vendor Shopping Cart 3.2.3 Cross Site Scripting
21.01.2023
CraCkEr
Low
Jettweb Ready Rent A Car Script 4 Cross Site Scripting
18.01.2023
CraCkEr
Low
eCart Web 5.0.0 Cross Site Scripting
15.01.2023
CraCkEr
Low
Academy LMS 5.11 Cross Site Scripting
13.01.2023
CraCkEr
Low
ChiKoi New-MVC-SHOP 1.0 Cross Site Scripting
13.01.2023
CraCkEr
Low
Tiki Wiki CMS Groupware 25.0 Cross Site Scripting
12.01.2023
CraCkEr
High
WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls
11.01.2023
Ramuel Gall
Low
Senayan Library Management System 9.2.2 Cross Site Scripting
27.12.2022
nu11secur1ty
Low
Senayan Library Management System 9.2.0 Cross Site Scripting
21.12.2022
nu11secur1ty
Low
Senayan Library Management System 9.2.1 Cross Site Scripting
21.12.2022
nu11secur1ty
Low
Senayan Library Management System 9.1.1 Cross Site Scripting
20.12.2022
nu11secur1ty
Low
Shoplazza 1.1 Cross Site Scripting
16.12.2022
Andrey Stoykov
Low
Senayan Library Management System 9.0.0 Cross Site Scripting
11.12.2022
nu11secur1ty
Low
Senayan Library Management System 9.4.0 Cross Site Scripting
11.12.2022
nu11secur1ty
High
ILIAS eLearning 7.15 Command Injection / XSS / LFI / Open Redirect
09.12.2022
Anna Hartig
Med.
Planet eStream Code Execution / SQL Injection / XSS / Broken Control
09.12.2022
Philipp Espernberger
Med.
Delta Electronics DX-2100-L1-CN 1.5.0.10 Command Injection / XSS
09.12.2022
T. Weber
Low
IBM Websphere Application Server 7.0 Cross Site Scripting
05.12.2022
Milad Karimi
Med.
OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
01.12.2022
Martin Heiland
Low
Ecommerce 1.0 Cross Site Scripting / Open Redirect
26.11.2022
nu11secur1ty
Low
ClicShopping 3.402 Cross Site Scripting
21.11.2022
nu11secur1ty
Low
Revenue Collection System 1.0 Cross Site Scripting / Authentication Bypass
17.11.2022
Joe Pollock
High
Ecommerce CodeIgniter Bootstrap 1.0 Cross Site Scripting
31.10.2022
nu11secur1ty
Low
ERP Sankhya 4.13.x Cross Site Scripting
26.10.2022
Lucas Alves Da Cunha
Low
Dinstar FXO Analog VoIP Gateway DAG2000-16O Cross Site Scripting
26.10.2022
Yehia Elghaly
Low
WiFi File Transfer 1.0.8 Cross Site Scripting
17.10.2022
Vulnerability Laborato...
Low
Garage Management System 1.0 - 'categoriesName' - Stored XSS
15.10.2022
Sam Wallace
Low
Joomla KSAdvertiser 2.5.37 Cross Site Scripting
13.10.2022
CraCkEr
Med.
Joomla Vik Rent Car 1.14 Cross Site Scripting
10.10.2022
CraCkEr
Low
WordPress eCommerce Product Catalog 3.0.70 Cross Site Scripting
10.10.2022
CraCkEr
Low
WordPress / Joomla JReviews 4.1.5 Cross Site Scripting
10.10.2022
CraCkEr
Low
Joomla JoomBri Careers 3.3.0 Cross Site Scripting
08.10.2022
CraCkEr
Low
Joomla Vik Booking 1.15.0 Cross Site Scripting
08.10.2022
CraCkEr
Low
Canteen Management 1.0-2022 Cross Site Scripting
05.10.2022
nu11secur1ty
Low
Centreon 22.04.0 Cross Site Scripting
04.10.2022
syad
Low
Joomla MarvikShop ShoppingCart 3.4 Cross Site Scripting
04.10.2022
CraCkEr
Low
Joomla RAXO All-Mode PRO 2.01 Cross Site Scripting
04.10.2022
CraCkEr
Low
Joomla Solidres 2.12.9 Cross Site Scripting
04.10.2022
CraCkEr
Low
jCart For OpenCart 3.0.3.19 Cross Site Scripting
02.10.2022
CraCkEr
Low
WooCommerce BRW Booking Rental 1.3.1 Cross Site Scripting
01.10.2022
CraCkEr
Low
Joomla jMarket 5.15 Cross Site Scripting
01.10.2022
CraCkEr
Low
Bus Pass Management System 1.0 Cross Site Scripting
29.09.2022
Ali Alipour
Low
Joomla EDocman 1.23.3 Cross Site Scripting
29.09.2022
CraCkEr
Low
Online Examination System 1.0 Cross Site Scripting
29.09.2022
Yousef Alraddadi
Low
WordPress Sabai Discuss 1.4.13 Cross Site Scripting
28.09.2022
CraCkEr
Low
Active eCommerce CMS 6.3.0 Cross Site Scripting
28.09.2022
th3d1gger
Low
EShop Joomla Shopping-Cart 3.6.0 Cross Site Scripting
28.09.2022
CraCkEr
Low
WordPress Motopress Hotel Booking Lite 4.4.2 Cross Site Scripting
28.09.2022
Ali Alipour
Low
WordPress WP-UserOnline 2.88.0 Cross Site Scripting
25.09.2022
UnD3sc0n0c1d0
Low
WorkOrder CMS 0.1.0 Cross Site Scripting
24.09.2022
Chokri Hammedi
Low
Multix 2.4 Cross Site Scripting
24.09.2022
th3d1gger
Low
Testa 3.5.1 Online Test Management System Reflected Cross-Site Scripting (XSS)
24.09.2022
Ashkan Moghaddas
Low
WordPress GetYourGuide Ticketing 1.0.1 Cross Site Scripting
20.09.2022
Mariam Tariq
Low
News247 News Magazine 1.0 Cross Site Scripting
15.09.2022
Ravinder Verma
Low
ETAP Safety Manager 1.0.0.32 Cross Site Scripting
13.09.2022
LiquidWorm
Low
Rocket LMS 1.6 Cross Site Scripting
13.09.2022
th3d1gger
Low
mbDrive Lite WiFi Flash Disk 1.4.0 Cross Site Scripting
11.09.2022
Chokri Hammedi
Med.
OX App Suite Cross Site Scripting / Command Injection
02.09.2022
Martin Heiland
Low
WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting
02.09.2022
yunaranyancat
Med.
WordPress Core Cross Site Scripting / SQL Injection
31.08.2022
Khalilov Moe
Med.
FLIR AX8 1.46.16 Traversal / Access Control / Command Injection / XSS
20.08.2022
Samy Younsi
Low
Inout SiteSearch 2.0.1 Cross Site Scripting
15.08.2022
CraCkEr
High
Windows sxssrv!BaseSrvActivationContextCacheDuplicateUnicodeString Heap Buffer Overflow
14.08.2022
Google Security Resear...
Low
Fiberhome AN5506-02-B Cross Site Scripting
12.08.2022
Leonardo Goncalves
Low
Intelbras ATA 200 Cross Site Scripting
12.08.2022
Leonardo Goncalves
Low
WordPress Testimonial Slider And Showcase 2.2.6 Cross Site Scripting
06.08.2022
yunaranyancat
Low
WordPress WP-UserOnline 2.87.6 Cross Site Scripting
03.08.2022
Steffin Stanly
Low
Wavlink WN533A8 Cross Site Scripting
02.08.2022
Ahmed Alroky
Low
Transposh WordPress Translation 1.0.7 Cross Site Scripting
01.08.2022
Julien Ahrens
Med.
WordPress Plugin WP-UserOnline 2.87.6 Stored Cross-Site Scripting (XSS)
01.08.2022
Steffin Stanly
Low
Loan Management System 1.0 Cross Site Scripting
29.07.2022
saitamang
Low
Magnolia CMS 6.2.19 Cross Site Scripting
10.07.2022
Giulio Garzia
Low
EQS Integrity Line Cross Site Scripting / Information Disclosure
06.07.2022
Giovanni Pellerano
Low
Paymoney 3.3 Cross Site Scripting
04.07.2022
nu11secur1ty
Low
BigBlueButton 2.3 / 2.4.7 Cross Site Scripting
02.07.2022
Rick Verdoes
Low
WSO2 Management Console Cross Site Scripting
28.06.2022
cxosmo
Low
Mailhog 1.0.1 Stored Cross-Site Scripting (XSS)
28.06.2022
Vulnz
Med.
SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting
22.06.2022
Steffen Robertz
Low
SAP Fiori Launchpad Cross Site Scripting
22.06.2022
Yvan Genuer
Low
SAP FRUN 2.00 / 3.00 Cross Site Scripting
22.06.2022
Yvan Genuer
Low
WordPress Download Manager 3.2.43 Cross Site Scripting
22.06.2022
Andrea Bocchetti
Med.
JM-DATA ONU JF511-TV 1.0.67 / 1.0.62 / 1.0.55 XSS / CSRF / Open Redirect
20.06.2022
Neurogenesia
Low
SolarView Compact 6.00 Cross Site Scripting
20.06.2022
Ahmed Alroky
High
Gentics CMS 5.36.29 Cross Site Scripting / Deserialization
20.06.2022
Gerhard Hechenberger
Low
SolarView Compact 6.00 pow Cross-Site Scripting (XSS)
17.06.2022
Ahmed Alroky
Low
WordPress Download Manager 3.2.42 Cross Site Scripting
11.06.2022
Rafie Muhammad
Med.
Product Show Room Site 1.0 Cross Site Scripting
05.06.2022
webraybtl
Low
Contao 4.13.2 Cross Site Scripting
04.06.2022
Chetanya Sharma


Common Weakness Enumeration (CWE)

CVE
Details
Description
2023-02-02
Waiting for details
CVE-2023-0639

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019.

 
Waiting for details
CVE-2022-2546

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response that will be executed in the victim's session. Note: This requires knowledge of a static secret key.

 
Waiting for details
CVE-2023-0650

A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability.

 
Waiting for details
CVE-2023-0253

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

 
2023-02-01
Waiting for details
CVE-2023-0607

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.

 
Waiting for details
CVE-2022-42973

A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)

 
Waiting for details
CVE-2023-23630

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to `res.render`.

 
Waiting for details
CVE-2023-0606

Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.

 
Waiting for details
CVE-2023-0608

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.

 
Waiting for details
CVE-2022-47983

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161.

 

 


Copyright 2023, cxsecurity.com

 
